Seven Unintended Consequences of Electronic HIE

by Harry Rhodes

A recent federal study of the potential unintended consequences of electronic health information exchange revealed several characteristics that, if not addressed soon, could lead to data and privacy issues.

The construct that health IT undertakings can have results other than those originally anticipated is not new concept. Possible causes of unanticipated consequences include ignorance, error, overriding of long-term interest by immediate interest, basic values that require or prohibit action, and self-defeating prophecy.1

In 2009 the American Medical Policy Meeting dedicated their Annual Health Policy Meeting to consideration of potential unanticipated consequences that could result from increased implementation of health IT.

By identifying and understanding the unintended consequences, those charged with the implementation of HIE can plan for and manage the issues more readily. Each identified issue would be addressed at the four phases of the project:

  1. Design and planning
  2. Implementation
  3. Operational
  4. Termination

A recent study of the potential unintended consequences of electronic health information exchange funded by Westat and the Office of the National Coordinator for Health Information Technology (ONC), conducted by the Health Information Exchange Unintended Consequences Workgroup, revealed seven characteristics of HIE that, if not addressed, could lead to unintended consequences. The final workgroup report can be retrieved at

1. Data fragmentation; resulting in incomplete, inaccurate, or untimely data provided by HIE

  • Background/context
    • Data governance and quality issues, negatively impacting clinical decisions and compromising patient outcomes
    • Uncertainty and doubt decreasing clinician confidence in/acceptance of HIE
    • Inability to secure truly confidential material such that access is limited to those that need such access
  • Unintended consequences/root causes
    • Faulty patient identity management
    • Data representation unpredictability
    • Privacy laws that result in data segmentation and technical constraints that result in patients withholding information that they want to protect
    • Technical and financial barriers to achieving 100 percent provider/patient participation
    • Data transmission technology issues impacting data completeness
    • IT functionality barriers impacting transmission of certain data
    • Poor data integration contributing to poor quality data
  • Approaches to risk mitigation
    • Automated patient matching algorithms, use of data standards, interface testing and change management, user education to set expectations
    • Research needed to improve confidence in data accuracy
    • Develop access controls that are appropriate to the type of information involved

2. Further research into optimal methods for data summarization, presentation, and the impact of data overload on the clinician’s cognitive capabilities

  • Background/context
    • Identification of data overload thresholds negatively impacting physician cognitive capabilities
    • Investigation of HIE efforts to filter, sort, aggregate, and summarize data into an integrated clinical workflow
  • Unintended Consequences
    • Poor data summarization, presentation, and workflow can result in provider frustration, rejection of HIE capability
  • Mitigation approaches
    • Human factor design for data summation, presentation, and workflow; along with innovative training approaches and standards implementation to promote integration of HIE with EHR
    • Promulgation of optimal approaches for summarization, presentation, and HIE- related workflow

3. Mainstreaming provider and patient use of HIE

  • Background/ context
    • Establish initiatives to promoting the routine use of HIE
  • Unintended consequences/ root causes
    • Provider/patient HIE fear, uncertainty, and doubt will create a question of value, resulting in a negative spiral
    • Provider organizations must seek to realize the benefits of HIE, users not confident in data reliability will question financial benefits, and will withdraw support
    • Work-arounds to address system limitations/annoyances could create unintended data integrity issues; Variations on cut-and-paste, routine clicking through long menus (though not permissible) will occur if providers are pressed for time
  • Mitigation approaches
    • Encourage HIE use by benchmarking best practices
    • Provider organizations wishing to capitalize on the benefits of HIE must incorporate approaches that minimize potential associated risks
    • Streamline workflows to reduce practices that will be viewed as not producing added value

4. Factoring in patient perceptions and concerns regarding health information exchange

  • Background/ context
    • Mitigate misapprehension about who has access to data and for what purposes
  • Unintended consequences/ root causes
    • Concerns surrounding HIE privacy and security safeguards may negatively impact patient perceptions, negatively impacting patient support and participation
    • Proliferation of inaccurate data may undermine patient confidence
    • Data made available to patients via personal health records may be either too late to be useful or not well enough explained prior to presentation, negatively impacting patient support and participation.
    • Patients misunderstanding of the rights they have been afforded under HIPAA, the final rule, state confidentiality laws may negatively impact their support for health IT if they feel their rights have been abrogated
  • Mitigation approaches
    • Patient education outreach campaigns that clarify what rights patients are actually afforded will encourage reasonable expectations leading to more involvement and support
    • Awareness campaigns about benefits of HIE will lessen patient concerns
    • Insure results made available to patients via PHR are timely enough to be useful to them
    • Insure that providers understand the importance of preparing patients for what they will be accessing

5. Provider concerns regarding reputational and financial risks of HIE

Healthcare providers operate as an essential part of any community, whether the provider is a large, complex medical system with numerous facilities and offices or a solo practitioner. Providers are protective of their good name and reputation in the community, and of their role as guardians of a patient’s personal information. They are concerned that broadened access to patient data may limit their ability to guarantee their patients the privacy they need or wish thus creating reputational and financial concerns for themselves as well as for patients and organizations.

Providers are apprehensive about the risk to their reputation from a breach of PHI that might be beyond their control. A breach could include an unauthorized use or a breach of the information by another provider of the HIO. Providers need to carefully consider their own confidentiality, privacy and security programs and capabilities before they introduce HIE to their systems and protocols.

  • Unintended consequences/root causes
    • Concerns about potential increase in insurance costs, patient mobility
    • General anxiety and apprehension about participating

There are numerous ways in which this unintended consequence can be mitigated. There are a wide array of model contracts and data sharing agreements available for providers to consider when deciding on participation with HIE. Use of counsel experienced in review and negotiation of a model agreement with an HIO and/or a data sharing agreement as a condition of participation in the HIO is recommended.

Additionally, as recommended by the authors, participation in an HIO should include robust training for all participants and their staff. Training should include information on clear protocols for appropriate use for data.

6. Provider and patient vulnerability to technical problems

  • Background/context
    • HIE involves complex and disruptive technology
    • Implementation of HIE technology demands management of a complex network.
    • Malware has infiltrated biotechnology
  • Unintended consequences/root causes
    • Network maintenance is prone to risk
      • System upgrades must be coordinated across many members
      • Changes to EHR system configurations may impact HIE, and vice-versa
      • Management of business continuity and disaster recovery in HIE is complex; the geographic range must be taken into account with regard to the risk of natural disasters
      • Malware on one portion of the HIE can penetrate systems of other participants
  • Mitigation approaches
    • Compliance with IT governance protocols will ensure consistent system performance
    • Adherence to upgrade protocols and system testing ensure optimal performance
    • Implementation of robust disaster recovery plans will ensure business continuity
  • Implementation of robust anti malware protocols by all participants in the HIE

7. Attention to administration factors of HIE

  • Background/context
    • Adherence to regulatory requirements and business aspects of exchange activities
    • Management of confidentiality, privacy, and security data sharing policies and safeguards
  • Unintended consequences/root causes
    • Understanding of regulatory framework presents a challenge
    • Regulations may vary across different venues
    • Difficulties recruiting and retaining an adequately trained and experienced workforce
    • Lack of staff compliance with regulations and standards presents a risk
    • Providers may participate in multiple HIE models that have varying structure, security, purpose, rules of the road; Training staff and users regarding the role and rules of each model could be confusing
  • Mitigation approaches
    • Compliance with system protocols essential to successfully meeting regulatory requirements
    • Formal educational models to train new hires and current personnel

Summary and Recommendations

Modern healthcare providers demand access to patient health information across the continuity of care to improve the quality of care and improve patient outcomes. Ideally, a clinician should be able to access complete, accurate, and timely patient data to support optimal care delivery. To ensure that the benefits of HIE data sharing are fully realized, healthcare organizations must educate providers about the nuances and limitations of health information exchange functionalities. Proponents of health information exchange should strive to ensure that data retrieval across the HIE is compatible with provider business models and workflows. Ensuring that data workflows, presentation, integration, and summarization are harmonized across multiple data sources provides a clear, genuine, and comprehensive representation of each and every patient in the system.


Bloomrosen, M., Starren, J, Lorenzi, N. M., Ash, J. S., Patel, V. L. and Shortliffe, E. H. (2011). Anticipating and addressing the unintended consequences of health IT and policy: a report from the AMIA 2009 Health Policy Meeting. Journal of American Medical Informatics Association; 18:82-90. Doi: 10.1136/jamia.2010.007567.

Kuperman, G. J and McGowan, J.J. (2012, May) Potential unintended consequences of health information exchange. Journal of General Internal Medicine, Society of General Internal Medicine 2013; DOI: 10.1007/s11606-012-2312-0.

Prepared by the HIE Practice Council Unintended Consequences Team:

Alisa Chestler, JD
Lorraine Fernandes, RHIA
Annessa Kirby
Julie Dooling, RHIA
Aviva Halpert, RHIA, CHPS
Jackie Raymond, RHIA
Linda S. Bailey-Woods, RHIA, CPHIMS

Original source:
Rhodes, Harry B.. "Seven Unintended Consequences of Electronic HIE" (Journal of AHIMA), August 2013.